Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update node.js to v23 #824

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Conversation

talkiq-ops
Copy link
Contributor

@talkiq-ops talkiq-ops commented Oct 17, 2024

This PR contains the following updates:

Package Type Update Change
node docker major 22.13.1 -> 23.6.1

Release Notes

nodejs/node (node)

v23.6.1: 2025-01-21, Version 23.6.1 (Current), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes
  • CVE-2025-23083 - src,loader,permission: throw on InternalWorker use when permission model is enabled (High)
  • CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium)
  • CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium)

Dependency update:

  • CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium)
Commits

v23.6.0: 2025-01-07, Version 23.6.0 (Current), @​marco-ippolito

Compare Source

Notable Changes
Unflagging --experimental-strip-types

This release enables the flag --experimental-strip-types by default.
Node.js will be able to execute TypeScript files without additional configuration:

node file.ts

There are some limitations in the supported syntax documented at https://nodejs.org/api/typescript.html#type-stripping
This feature is experimental and is subject to change.

Contributed by Marco Ippolito in #​56350

Other Notable Changes
  • [c1023284c3] - (SEMVER-MINOR) lib: add typescript support to STDIN eval (Marco Ippolito) #​56359
  • [8dc39e5e2e] - (SEMVER-MINOR) process: add process.ref() and process.unref() methods (James M Snell) #​56400
  • [8b20cc212b] - (SEMVER-MINOR) worker: add eval ts input (Marco Ippolito) #​56394
Commits

v23.5.0: 2024-12-19, Version 23.5.0 (Current), @​aduh95

Compare Source

Notable Changes
WebCryptoAPI Ed25519 and X25519 algorithms are now stable

Following the merge of Curve25519 into the
Web Cryptography API Editor's Draft the
Ed25519 and X25519 algorithm identifiers are now stable and will no longer
emit an ExperimentalWarning upon use.

Contributed by Filip Skokan in #​56142.

On-thread hooks are back

This release introduces module.registerHooks() for registering module loader
customization hooks that are run for all modules loaded by require(), import
and functions returned by createRequire() in the same thread, which makes them
easier for CJS monkey-patchers to migrate to.

import assert from 'node:assert';
import { registerHooks, createRequire } from 'node:module';
import { writeFileSync } from 'node:fs';

writeFileSync('./bar.js', 'export const id = 123;', 'utf8');

registerHooks({
  resolve(specifier, context, nextResolve) {
    const replaced = specifier.replace('foo', 'bar');
    return nextResolve(replaced, context);
  },
  load(url, context, nextLoad) {
    const result = nextLoad(url, context);
    return {
      ...result,
      source: result.source.toString().replace('123', '456'),
    };
  },
});

// Checks that it works with require.
const require = createRequire(import.meta.url);
const required = require('./foo.js');  // Redirected by resolve hook to bar.js
assert.strictEqual(required.id, 456);  // Replaced by load hook to 456

// Checks that it works with import.
const imported = await import('./foo.js');  // Redirected by resolve hook to bar.js
assert.strictEqual(imported.id, 456);  // Replaced by load hook to 456

This complements the module.register() hooks - the new hooks fit better
internally and cover all corners in the module graph; whereas
module.register() previously could not cover require() while it was
on-thread, and still cannot cover createRequire() after being moved
off-thread.

They are also run in the same thread as the modules being loaded and where the
hooks are registered, which means they are easier to debug (no more
console.log() getting lost) and do not have the many deadlock issues haunting
the module.register() hooks. The new API also takes functions directly so that
it's easier for intermediate loader packages to take user options from files
that the hooks can't be aware of, like many existing CJS monkey-patchers do.

Contributed by Joyee Cheung in #​55698.

Other notable changes
  • [59cae91465] - (SEMVER-MINOR) dgram: support blocklist in udp (theanarkh) #​56087
  • [72f79b44ed] - doc: stabilize util.styleText (Rafael Gonzaga) #​56265
  • [b5a2c0777d] - (SEMVER-MINOR) module: add prefix-only modules to module.builtinModules (Jordan Harband) #​56185
  • [9863d27566] - (SEMVER-MINOR) module: only emit require(esm) warning under --trace-require-module (Joyee Cheung) #​56194
  • [8e780bc5ae] - (SEMVER-MINOR) module: use synchronous hooks for preparsing in import(cjs) (Joyee Cheung) #​55698
  • [65bc8e847f] - (SEMVER-MINOR) report: fix typos in report keys and bump the version (Yuan-Ming Hsu) #​56068
  • [0ab36e1937] - (SEMVER-MINOR) sqlite: aggregate constants in a single property (Edigleysson Silva (Edy)) #​56213
  • [efcc5d90c5] - (SEMVER-MINOR) src,lib: stabilize permission model (Rafael Gonzaga) #​56201
Commits

v23.4.0: 2024-12-10, Version 23.4.0 (Current), @​aduh95 prepared by @​targos

Compare Source

Notable Changes
Introducing experimental assert.partialDeepStrictEqual

Sometimes, when writing test, we want to validate that some specific properties
are present, and the mere presence of additional keys are not exactly relevant
for that specific test. For this use case, we can now use
assert.partialDeepStrictEqual, which should be familiar to those already using
assert.deepStrictEqual, with the main difference that it does not require all
properties in the actual parameter to be present in the expected parameter.

Here are a few examples of usage:

assert.partialDeepStrictEqual(
  { a: 1, b: 2, c: 3 },
  { a: 1, b: 2 },
);

assert.partialDeepStrictEqual(
  [1, 2, 3, 4],
  [2, 3],
);

assert.partialDeepStrictEqual(
  { a: { b: { c: 1, d: 2 } }, e: 3 },
  { a: { b: { c: 1 } } },
);

assert.partialDeepStrictEqual(
  { a: { b: { c: 1, d: 2 } }, e: 3 },
  { a: { b: { c: 1 } } },
);

assert.partialDeepStrictEqual(
  new Set([{ a: 1 }, { b: 1 }]),
  new Set([{ a: 1 }]),
);

assert.partialDeepStrictEqual(
  { a: new Set([{ a: 1 }, { b: 1 }]), b: new Map(), c: [1, 2, 3] },
  { a: new Set([{ a: 1 }]), c: [2] },
);

Contributed by Giovanni Bucci in #​54630.

Implement --trace-env and --trace-env-[js|native]-stack

This release introduces --trace-env, --trace-env-js-stack and --trace-env-native-stack
CLI options that print information about any access to environment variables done in the current
Node.js instance to stderr. Currently in the logs, only the names of the environment variables
being accessed are printed, while the values are not printed to avoid leaking sensitive
information. To print the stack trace of the access, use --trace-env-js-stack and/or
--trace-env-native-stack.

Contributed by Joyee Cheung in #​55604.

Other notable changes
Commits

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@talkiq-ops talkiq-ops requested a review from a team as a code owner October 17, 2024 01:12
@talkiq-ops talkiq-ops requested review from santiagofdialpad and removed request for a team October 17, 2024 01:12
Copy link

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved 👍

@talkiq-ops talkiq-ops force-pushed the renovate/node-23.x branch 2 times, most recently from ace25b2 to 726c4c0 Compare October 30, 2024 02:14
@talkiq-ops talkiq-ops force-pushed the renovate/node-23.x branch 2 times, most recently from 3736f5b to d0d677a Compare November 21, 2024 20:04
@talkiq-ops talkiq-ops force-pushed the renovate/node-23.x branch 2 times, most recently from 23d7a62 to 812573a Compare January 8, 2025 03:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

2 participants